{"id":25944584,"url":"https://github.com/dermot10/app_vulnerability_code","last_synced_at":"2026-05-19T09:03:10.037Z","repository":{"id":172002506,"uuid":"647417335","full_name":"Dermot10/app_vulnerability_code","owner":"Dermot10","description":"CLI tool used as a demo to get the developer role at H\u0026B. It's purpose is to remotely launch cyber attacks on a dummy site through web-browser automation","archived":false,"fork":false,"pushed_at":"2023-06-19T03:12:31.000Z","size":39,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-02T10:04:43.587Z","etag":null,"topics":["cli","cybersecurity","modular-design","playwright","pydantic","python","typer-cli","unittesting"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Dermot10.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-05-30T18:32:19.000Z","updated_at":"2025-02-05T20:02:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"cef32e70-ba43-4fdd-82cb-2e433e35c9dc","html_url":"https://github.com/Dermot10/app_vulnerability_code","commit_stats":null,"previous_names":["dermot10/app_vulnerability_code"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Dermot10/app_vulnerability_code","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dermot10%2Fapp_vulnerability_code","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dermot10%2Fapp_vulnerability_code/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dermot10%2Fapp_vulnerability_code/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dermot10%2Fapp_vulnerability_code/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Dermot10","download_url":"https://codeload.github.com/Dermot10/app_vulnerability_code/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dermot10%2Fapp_vulnerability_code/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267145789,"owners_count":24042655,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-26T02:00:08.937Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","cybersecurity","modular-design","playwright","pydantic","python","typer-cli","unittesting"],"created_at":"2025-03-04T08:18:21.395Z","updated_at":"2026-05-19T09:03:04.990Z","avatar_url":"https://github.com/Dermot10.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GruyereExploitationCLI\n\nThis module provides the GruyereExploitationCLI.\n\n## Installation\n\nTo install the GruyereExploitationCLI, follow these steps:\n\n1. Clone the repository: `git clone https://github.com/Dermot10/app_vulnerability_code.git`\n2. Install the required dependencies: `pip install -r requirements.txt`\n\n# Exploit Browser CLI\n\nThis command-line interface (CLI) provides a set of commands to perform various web security exploits using a browser automation tool.\n\n## Commands and arguments\n\n### `exploit-dom-xss`\n\nThis command exploits the DOM (Document Object Model) with an XSS (Cross-Site Scripting) attack. It injects custom JavaScript or HTML payload into the DOM of the specified URL.\n\n- Arguments:\n- `\u003curl\u003e`: Gruyere home page url.\n- `\u003cpayload\u003e`: Text or HTML to inject into the DOM.\n\n### `exploit-reflected-xss`\n\nThis command exploits a URL with a reflected XSS attack. It sends a malicious payload to the URL, which gets reflected back in the response, potentially executing arbitrary scripts in the user's browser.\n\n- Arguments:\n- `\u003curl\u003e`: Gruyere home page url.\n\n### `exploit-gruyere-server`\n\nThis command exploits the Gruyere server to read the contents of the `secret.txt` file using path traversal. It retrieves the file data from the specified URL and saves it to the specified location on the local system.\n\n- Arguments:\n- `\u003curl\u003e`: The URL of the Gruyere home page.\n- `\u003cnew_secret_destination\u003e`: The file name and existing location to write the data to.\n\n### `exploit-path-traversal`\n\nThis command exploits a URL with a path traversal vulnerability to upload a file to the Gruyere server. It injects a file into the specified URL's path, allowing unauthorized file uploads.\n\n- Arguments:\n- `\u003curl\u003e`: The URL of the Gruyere web page to exploit.\n- `\u003cfilename\u003e`: The path and file you want to inject into the URL.\n\n### `exploit_cookies_elevate_privileges`\n\nThis command exploits cookies to elevate user privileges. It leverages cookies to bypass authentication and gain elevated privileges, such as admin privileges.\n\nUsername - administrator\nPassword - secret\n\n- Arguments:\n- `\u003curl\u003e`: Gruyere home page url.\n\n### `remote_login`\n\nThis command remotely logs in to a specified URL. It simulates the login process by providing the username and password, allowing for further testing and exploration.\n\n- Arguments:\n- `\u003curl\u003e`: The URL of the Gruyere login page.\n- `\u003cusername\u003e`: The username for login.\n- `\u003cpassword\u003e`: The password for login.\n\n### `check_cookies`\n\nThis command retrieves the cookies from a webpage. Cookies are granted and never revoked, and they can be used to bypass authentication or gain unauthorized access.\nTo check the cookies for the user, use the remote login command after creating a user.\n\n- Arguments:\n- `\u003curl\u003e`: The URL of the Gruyere home web page.\n\n### `exploit_upload`\n\nThis command uploads a file containing HTML to the specified webpage. This can be used to exploit vulnerabilities related to file uploads, such as executing malicious scripts or compromising the server.\n\n- Arguments:\n- `\u003curl\u003e`: The URL of the Gruyere upload page.\n- `\u003cfile\u003e`: The file to upload.\n\n**Note:** Each command includes a delay after execution to allow for proper handling and observation of the exploit. Modify the sleep duration as needed for your specific use case.\n\n## Usage\n\nTo use the CLI, execute the desired command with the required arguments. For example:\n\n```bash\n$ python main.py exploit-dom-xss \"https://example.com\" \"\u003cscript\u003ealert('XSS');\u003c/script\u003e\"\n```\n\n\"This project is licensed under the MIT License. See the LICENSE file for more information.\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdermot10%2Fapp_vulnerability_code","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdermot10%2Fapp_vulnerability_code","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdermot10%2Fapp_vulnerability_code/lists"}